(Hint to the reader: For the purpose of this post you can safely ignore what ufw is and how it actually works. My question is not about ufw, but about packaging).
I have my own Deb package mypackage. It does some networking and requires certain ports to be open. It is safe to assume that the only firewall that might be in place is ufw. I want my package to not depend on ufw's presence. Instead, I want its postinst routine to determine whether or not ufw is in place, and if yes to add a rule. Here it my current postinst:
if ufw version > /dev/null 2>&1; then
ufw allow in proto udp from any to any port 12345
fi
This works fine if ufw is installed, and it works fine if ufw is not installed.
It fails however if my package and ufw get installed at the same time:
apt-get install mypackage ufw
What happens is that mypackage and ufw get both unpackaged, then the Setting up phase is called first for mypackage, which finds ufw present (ufw version succeeds), but because it hasn't been setup yet, it doesn't work properly yet, and adding a rule fails:
Selecting previously unselected package mypackage.
Unpacking mypackage (from .../mypackage_1.0_all.deb) ...
Selecting previously unselected package ufw.
Unpacking ufw (from .../archives/ufw_0.31.1-2_all.deb) ...
# ...
Setting up mypackage (1.0) ...
ERROR: Couldn't stat '/etc/default/ufw'
ERROR: Couldn't stat '/etc/default/ufw'
dpkg: error processing mypackage (--configure):
subprocess installed post-installation script returned error exit status 1
How can I force the --configure for ufw to run before mine, without depending on ufw?
